Real Host, Latvia - RBN Resurgence or Clone?
Please register or login to download files from this category.
|License||Creative Commons by-nc-nd|
|Changed at||2009-08-01 07:00:00|
As a cybercrime and bullet proof hosting hub, Real Host Ltd - which resides on the autonomous system AS8206 Junik based in Riga, Latvia - is high on any watch list.
"It (Real Host) was a cesspool of criminal activity," Ferg (Paul Ferguson – Trend Micro)
It should be of real concern to all of us within the internet community and the wider public domain that operations such as these seem to be able to function quite so openly until their underhand activities are exposed through investigations such as that as follows.
Our investigations, in conjunction with Andrew Martin of Martin Security led us from an alert about an attack that a reader had experienced through to a lucrative business model of hostile activities against internet users involving paid money mules, exploits, botnets, phishing sites and other cybercriminal activities.
The hallmark of the attacks and operational elements of Real Host led us somewhat interestingly and yet again down a path towards the former Russian Business Network (RBN) and begs the question of whether this is a resurgence of the RBN, an offshoot from the original network or a clone.
The philosophy behind this study is that we as an Internet community act in accordance with the ACM (Association of Computing Machinery) code of ethics e.g. avoid harm to others."Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: Internet users and the general public. It is our and all the Internet Security community‟s responsibility to „blow the whistle. While we do not take the actions to „stop‟ the cyber criminals we do urge those who provide connectivity or peering to consider this report and their role.